Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Formal detection method and system for malicious url

A detection method and detection system technology, which can be applied in transmission systems, digital transmission systems, electrical components, etc., can solve problems such as missed reports of antivirus software, and achieve the effect of high detection rate and good detection rate.

Active Publication Date: 2015-11-18
HARBIN ANTIY TECH
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] Currently, malicious URL detection methods are all based on string matching. Security vendors collect a large number of malicious URLs and store them in the signature database. Part of the malicious URL detection problem, but due to the variability of the URL format mentioned above, a simple change of a malicious URL, without changing the nature of its malicious link, its content has been matched with the characteristics of the virus database It is not completely consistent, which leads to the false report of anti-virus software. Many hackers take advantage of this loophole and often change the URL address format of their linked horse websites to avoid the interception of anti-virus software. Some malicious codes are passing through the network. When propagating itself, it often modifies the value in the query part of the URL address of its hanging horse, and its value may be randomly generated. This method ensures that the malicious URL link has a longer timeliness

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Formal detection method and system for malicious url
  • Formal detection method and system for malicious url
  • Formal detection method and system for malicious url

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0035] In order to enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above-mentioned purposes, features and advantages of the present invention more obvious and easy to understand, the technical solutions in the present invention will be further detailed below in conjunction with the accompanying drawings illustrate.

[0036] The present invention aims at the variability of the character string format of the malicious URL link address, and regularizes the character string format, abandons the part that is changeable and meaningless to detection, supplements the part that is omitted by default, and forms a composition that contains enough Informative data to be detected. The string format of the regularized URL address is "scheme: / / domain:port / path", which retains the protocol, domain name, port, and path. These data can completely determine the address information pointed to by a URL, so th...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a formalization detection method for a malicious URL (uniform resource locator). The formalization detection method comprises the following steps of: splitting the URL to be detected into syntactic element character strings according to a URL syntactic structure on the basis of the standard of RFC (request for comments); extracting designated character strings from the character strings obtained by splitting; performing completing treatment on the non-existent character strings; reordering the character strings obtained after completing treatment to obtain a new URL, and calculating the hash value of the new URL; and traversing a malicious URL feature library, and performing contrast detection on feature data in the malicious URL feature library and the hash value of the URL to be detected. The invention further discloses a formalization detection system for the malicious URL. The technical scheme disclosed by the invention can be effectively used against the variability in the formats of the URL; and compared with the traditional URL detection method, the detection rate against the malicious URL which often changes the format is higher, and a single feature can also be adopted for corresponding to multiple format variants of the malicious URL, so that the volume of a virus feature library required for the detection method is smaller, and the space of a memory and a magnetic disk can be further saved.

Description

technical field [0001] The invention relates to the technical field of computer network security, in particular to a formal detection method and system for malicious URLs. Background technique [0002] According to the RFC specification, the grammatical format of URL (UniformResourceLocator) is as follows: "scheme: / / username:passworddomain:port / path?query_string#fragment_id" (see: RFC1738 standard http: / / www.ietf.org / rfc / rfc1738.txt ), all URLs must follow this rule. If the protocol (scheme) part is omitted, the default is the HTTP protocol, and the username and password (username:password) part can be omitted. In the HTTP protocol, the port number (port) defaults to 80, this item can also be omitted, and the fragment_id part has no practical value in detecting whether it is a malicious URL. According to the above characteristics of the URL format, it can be considered that the format of the URL is variable, and multiple URLs that are not exactly the same may point to the s...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L12/26H04L29/06
Inventor 苏培旺李石磊张栗伟
Owner HARBIN ANTIY TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products